The present invention relates to methods of communicating among secure computer workstations in an uncontrolled network. More particularly, the invention relates to a method of conducting secure operations from computer workstations that are connected to an uncontrolled network in which a user can communicate from the user's home workstation or from another workstation by using an unsecure portable card.
An uncontrolled network is one that is not secure. That is, there is no control over who is on or listening to the communications on the network. A secure computer workstation is a computer terminal or communications device in which access to the workstation, to parts thereof, or to information therein is limited and achieved only by completing a prescribed set of security procedures. The workstation may also be able to provide unsecure operation (that is, anyone may be able to use the unsecure parts or information at the workstation). Typically, a key is used to conduct secure operations from the workstation. A key is a set of data (e.g., numbers, letters, symbols) that is desirably unique and may be randomly generated. Secure operations may be conducted when a user provides the proper key and may include, without limitation, using the secure computer workstation alone, communicating with other secure workstations on the network, and communicating secure information among workstations on the network.
One of the problems with conducting secure operations in an uncontrolled network is that when secure information is communicated on the network, it can be heard by anyone on the network and thus must be encrypted. Devices for encrypting and decrypting are well known and are operated by keys that enable the encrypting and decrypting devices. Secure operations between workstations will only work when each communicating entity has the same key, and the key must be distributed to each entity without compromising its security.
There are various methods for distributing keys, but none have proven satisfactory for uncontrolled computer networks (e.g., a local area network) for various reasons. For example, the size and/or dispersion of a computer network may make periodic hand distribution of the keys expensive or unduly cumbersome. Permanent keys (those that are not changed periodically) may not meet security requirements.
One solution is to distribute the keys through the network communications medium. However, this method requires that the keys are encrypted before they are distributed and that the user to whom the keys are being delivered is authorized to receive them. The paired problems of secure distribution of the keys and ascertaining the authority of the recipient make their solution far more complex than may be found in a typical automated bank teller operation, for example.
Another problem encountered by users of secure workstations is obtaining clearance to conduct secure operations on the network from a remote workstation. This problem may be encountered when a user wants to access secure information at his home workstation from a remote workstation. (A user's home workstation is the workstation that the user normally uses.)
Accordingly, it is an object of the present invention to provide a novel method for conducting secure operations on an uncontrolled network.
It is another object of the present invention to provide a novel method for conducting secure operations from computer workstations that are connected to an uncontrolled network in which a user can communicate from a workstation by using an unsecure portable card.
It is a further object of the present invention to provide a novel method for conducting secure operations on an uncontrolled network in which a user can communicate from the user's home workstation or from another workstation by using an unsecure portable card and secure personal identifier.
These and many other objects and advantages of the present invention will be readily apparent to one skilled in the art to which the invention pertains from a perusal of the claims, the appended drawings, and the following detailed description of preferred embodiments.